I dont understand your point exactly, also this link you provided is on french.
But what we have here and what f0dder is trying to say is something that can be used in real world to breach the security.
Here is the example, AFAIK unix/linux stores passwords as MD5 hash in passwd file, so even if you acquire that passwd file you will be unable to get root password since MD5 does not have inverse function. Now with this new knowledge, one can just get MD5 hash of the root password, then find some string that will have same MD5 as the one from passwd file and he will be easily 0wn the b0x :-D
Ofcourse this is just simplified example, but taking into account widespread of unices/linux servers in the world, this can easily became headche for all of us.

The knowledge of a specific MD5 doesn't permit to find two values M giving a coliision...therefore, collision made are usefull for the moment...

What f0dder was saying is that it is not essential to actually know the hash, you can still run a brute force attack on the system that uses it and you have a greater chance of breaking the system because there is the possibility of a collision.

Originally posted by sluggy:What f0dder was saying is that it is not essential to actually know the hash, you can still run a brute force attack on the system that uses it and you have a greater chance of breaking the system because there is the possibility of a collision.

I don't understand what you hear by brute force attack....Try to give me more clues...

While I'm familiar with the idea of hashing and so forth, I'm not terribly familiar with the math behind it (and of course, their methods for finding collisions). Is it possible that a combination of MD5 and say, SHA, could be used in conjunction? For instance, suppose your password has MD5 hash '123' and SHA hash '456'. Does the problem of finding a collision between two hash functions make the problem less tractable?

I found what you mean by brute force attack ---> a attack in the wild...

It is a little true that a neophyte has more chance to break a code...

An expert has too much notion in head and has a lot of confidence in his knowledge and in this of others that he doesn't think to find a solution to use it but only to improve code...

Code made by an expert often uses a knowledge of high level and in this fact he saw almost all the possiblities except the more brutal one.... ...For example ATM can be stolen by force i.e. to arrach ATM from the wall and open it to take BankNote...(In France they do that....but now exists an ink to cover BankNote when carriage is opened with Force)...

So in order to gain access to the system we need to grab the stored_hash value (this may or may not be a problem, depending on the system), and secondly find some string that creates a matching hash.
The point is that the string used to create the hash does not need to be the same as the original password, it just needs to create the same hash to gain access.

If MD5("ABC") == MD5("XYZ") == stored_hash,
then either "ABC" or "XYZ" are valid passwords!

If you find one that matches, who cares if it's the same one as the official user password?